Diagnostic & Troubleshooting

Question 1

What are troubleshooting steps?

Answer 1

1. Gather information & symptoms
2. Isolate the problem
3. Implement a solution
4. Problem solved? If not, repeat steps 2 & 3
5. Document the steps you took for future reference

Question 2

How can you gather information?

Answer 2

1. Question end-users
2. Protocol analyzers (Wireshark, etc)
3. Physical troubleshooting tools (cable tester, others)
4. Network management software
5. CMD network commands
6. show and debug commands
7. IP SLA: monitors network performances in real-time
8. Neighbor Discovery Protocols

Question 3

What are the OSI troubleshooting methods?

Answer 3

1. Bottom-Up
2. Top-Down
3. Divide & Conquer

Question 4

What is Bottom-Up troubleshooting method?

Answer 4

The starting point is at the bottom of the OSI model, the physical layer.

The examination starts from the network’s infrastructure such as cables and NICs

Question 5

What is the Top-Down troubleshooting method?

Answer 5

The starting point is at the top of the OSI model, the application layer.

The examination starts from the application itself

Question 6

What does documentation include?

Answer 6

Network-related notes: physical and logical topological diagrams, network and end-device backup configuration files, IP and MAC addressing schemes, and network performance baselines

Question 7

What is the Divide & Conquer troubleshooting method?

Answer 7

Starting point is not predefined. A particular layer is selected and examined. If the layer functions, then the next layer to examine is the one above it. if the layer is faulty, then the next one should be the one below it.

Question 8

What are the top IOS show commands?

Answer 8

1. show interfaces
2. show ip route
3. show ip interface brief
4. show running-config
5. show startup-config

Question 9

IOS command: show interface

Answer 9

Displays a large volume of info, including interface errors, bandwidth utilization, and interface speed

Question 10

IOS Command: show ip route

Answer 10

Verifies network reachability. Will indicate if routing protocols are operating as they should

Question 11

IOS Command: show ip interface brief

Answer 11

Presents only info about interfaces associated w/ the the IP protocol. Outputs a detailed summary of interface status and IP addresses

Question 12

IOS Command: show running-config

Answer 12

Displays the complete device configuration that is being used at that time

Question 13

IOS Command: show startup-config

Answer 13

Displays the complete device configuration that is being used when it loads

Question 14

IOS Command: traceroute

Answer 14

Discovers the path packets take to a remote destination and where routing failures occur

Question 15

IOS Command: ping

Answer 15

Checks network connectivity. Extended ping is able to change the source IP on the packet leaving the router

Question 16

What is Cisco Discovery Protocol (CDP)?

Answer 16

Layer 2 (data link) proprietary protocol enabled by default on all Cisco devices. Purpose is similar to NDP.

Can be disabled on specific devices or interfaces for security reasons

Question 17

What are CDP characteristics?

Answer 17

1. Eavesdropping - CDP does not encrypt data so it’s vulnerable to reconnaissance type attacks which allow the attacker to map the victim’s network and more
2. Information gathering - gathers data on local device and sends to all directly connected devices
3. Advertisements - packets that reveal device details to neighbors also running CDP. Advertisements are stored in the neighbor table

Question 18

What do CDP Advertisements include?

Answer 18

• Type of device (router/switch)
• Device name
• Interconnected interfaces
• IOS version
• Next-hop IP
• Connection’s duplex mode (full or half)

Question 19

What is mismatch detection?

Answer 19

Feature (in CDP) that can detect a protocol mismatch.

E.g. Native VLAN mismatch and Duplex mismatch

Question 20

What happens when a CDP mismatch occurs?

Answer 20

CDP notifies network administrator by recording the incident in a log.

Question 21

How long is the CDP packet timer?

Answer 21

CDP sends advertisement packets every 60 seconds by default to all directly connected devices

Question 22

IOS Command: show cdp

Answer 22

Displays global CDP info: (1) packet timer, (2) holdtime value (3) advertisements enabled/disabled

Question 23

What is the CDP hold timer?

Answer 23

If a device does not receive CDP packets from a neighbor for 180 seconds, it will consider the neighbor dead and remove it from its neighbor table

Question 24

IOS Command:

cdp run

Answer 24

Enables CDP on device (not port)

Recommended: Enable CDP only for port interconnections w/ other network devices

Question 25

IOS Command: | no cdp run

Answer 25

Disable CDP (on device not port)

Question 26

IOS Command: | cdp enable

Answer 26

Enables CDP on specified port(s)

Question 27

IOS Command: | no cdp enable

Answer 27

Disables CDP on specified port(s)

Question 28

IOS Command: | show cdp neighbor

Answer 28

Displays all connected devices that CDP can communicate with

Question 29

IOS Command: | show cdp neighbor detail

Answer 29

Displays more info on each device such as IP address and IOS version

Question 30

What is Link Layer Discovery Protocol (LLDP)?

Answer 30

It's a Neighbor Discovery Protocol similar to CDP developed by IEE. It's a standard protocol. Not enabled by default on Cisco devices yet fully supported

Question 31

What is the LLDP packet timer?

Answer 31

LLDP sends advertisement packets every 30 seconds by default to all directly connected devices

Question 32

What is the LLDP hold timer?

Answer 32

120 seconds. If device does not receive LLDP packet from a neighbor in 120 seconds it will consider that neighbor dead and remove it from its neighbor table

Question 33

IOS Command: | show lldp

Answer 33

Displays global LLDP info: (1) status (active/inactive) w/ packet timer and (2) hold timer

Question 34

IOS Command: | lldp run

Answer 34

Enables LLDp on device

Question 35

IOS Command: | no lldp run

Answer 35

Disables LLDP on device

Question 36

IOS Command: | lldp transmit

Answer 36

Enables LLDP to transmit on specified port(s)

Question 37

IOS Command: | no lldp transmit

Answer 37

Disables LLDP to transmit on specified port(s)

Question 38

IOS Command: | lldp receive

Answer 38

Enables LLDP to receive on specified port(s)

Question 39

IOS Command: | no lldp receive

Answer 39

Disables LLDP to receive on specified port(s)

Question 40

IOS Command: | show lldp neigbor

Answer 40

Displays all connected devices that LLDP can communicate with

Question 41

IOS Command: | show lldp neighbor detail

Answer 41

Displays more info on each device such as IP address and IOS version

Question 42

What is a Syslog?

Answer 42

A standard for logging messages. Protocol is documented in RFC 5424

Question 43

Why are System Log Events useful?

Answer 43

Increases a network administrator's awareness of hardware or software malfunctions, service status and security accountability. Can be used to predict component failures. Can be stored locally on the device or on a syslog server on network

Question 44

What is Log Storage?

Answer 44

Log storage takes up space and can, in some cases, degrade system performance. Log message count is limited due to buffer size. RAM is erased upon device power off

Question 45

What are Syslog Storage Methods?

Answer 45

1. Logging buffer 2. Console Line 3. Terminal Line 4. Syslog Server

Question 46

What is a Logging Buffer?

Answer 46

A predetermined storage space allocated on RAM for syslog messages

Question 47

What is Console Line?

Answer 47

A method of viewing messages locally via the console window

Question 48

What is Terminal Line?

Answer 48

A method of viewing messages via a CLI program (such as Putty)

Question 49

What is a Syslog Server?

Answer 49

A computer that runs syslog software. Concentrates logs from all devices on the network into once centralized location for easier mgmt and log backup. a syslog server is configured on the device, the device will send all syslog messages to the server over UDP 514 port

Question 50

What are important pieces of the Syslog messages?

Answer 50

1. Message Severity | 2. Message Facility

Question 51

What is Message Severity?

Answer 51

The urgency of the log message is represented by its severity level (number value 0 to 7)

Question 52

What is a Message Facility?

Answer 52

The facility parameter indicates the source that generated the message (e.g. hardware, routing protocol or system service)

Question 53

What are the Severity Levels?

Answer 53

``` Level 0 - Emergency (system unstable) Level 1 - Alert (immediate action required) Level 2 - Critical Level 3 - Error Level 4 - Warning Level 5* (default) - Normal but important Level 6 - Information Level 7 - Debugging ```

Question 54

What is log message format?

Answer 54

1. Timestamp 2. Facility 3. Severity 4. Mnemonic (a device specific code that identifies the log message) 5. Text description

Question 55

IOS Command: | logging host

Answer 55

Sets the destination syslog server

Question 56

IOS Command: | logging trap

Answer 56

Determines what log severity levels to send the server

Question 57

IOS Command: | service timestamp log datatime msec

Answer 57

Attaches time info to the alerts

Question 58

IOS Command: | logging console

Answer 58

Shows system messages on the screen of the console connection (enabled by default)

Question 59

IOS Command: | terminal monitor

Answer 59

Shows sytem message on the screen of a remote connection (Telnet, SSH)

Question 60

IOS Command: | login buffered

Answer 60

Saves system messages to the RAM (enabled by default)

Question 61

IOS Command: | logging host

Answer 61

Sets the destination IP of the syslog server

Question 62

IOS Command: | service timestamps log datetime msec

Answer 62

Adds time records

Question 63

What is Network Time Protocol (NTP)?

Answer 63

NTP is a client-server protocol responsible for the synchronization of the time and date across all devices on the network. Operates on UPD port 123 and is defined in RFC 1305

Question 64

How do you configure time?

Answer 64

1. Manual configuration | 2. Automatic configuration

Question 65

What is time Manual Configuration?

Answer 65

Requires manual setting on each device. Not recommended due to lack of scalability

Question 66

What is time Automatic Configuation?

Answer 66

Requires an available and configured NTP server. Only the server's IP address needs to be set on the network devices. Ensures that all devices on network have accurate time/date automatically. Cisco routers can be configured to act as NTP servers

Question 67

What is NTP Usage?

Answer 67

cisco routers and switches use NTP to determine although routers and switches can also act as NTP servers

Question 68

What is Stratum Model?

Answer 68

Stratum levels define the distance from high-precision reference clocks which begin w/ stratum 0 to devices connected hierarchically. Servers linked to the reference clock are stratum 1, devices that receive time from servers are stratum 2, etc. Max 15 levels

Question 69

IOS Command: | clock set

Answer 69

Sets clock date and time

Question 70

IOS Command: | ntp server

Answer 70

Identifies NTP server's IP address

Question 71

IOS Command: | (do) show clock

Answer 71

Shows time

Question 72

IOS Command: | log timestamp

Answer 72

Logs device messages and events with a time and date

Question 73

IOS Command: | ntp master <1-15>

Answer 73

Enables network device (router or switch) to act as an NTP server. Requires a stratum value and number of hops from an accurate time source (e.g. atomic clock)